David Schwartz wrote:
>
> > > /dev/random should block if the system does not contain as much real
> > > entropy as the reader desires. Otherwise, the PRNG implementation will
> > > be the weakest link for people who have deliberately selected higher
> > > levels of protection from cryptographic attack.
>
> > I don't want to rehash this thread from the beginning. Please go
> > back, read the Yarrow paper, and recognise that Yarrow is not an
> > entropy-counter, it is a cryptographically secure PRNG. The "count
> > random bits and block" model does not apply.
>
> Then the current implementation cannot provide the usual semantics for
> /dev/random, while it can provide the semantics for /dev/urandom. As I
> understand it, /dev/random is supposed to provide true randomness suitable
> for generating keys of unlimited length, whereas /dev/urandom is supposed to
> provide cryptographically-strong randomness for general applications.
>
> If people want /dev/random to seed 1024-bit keys, /dev/random must be
> stronger than a 1024-bit key.
1. The current /dev/random cannot do it; it's less secure than Yarrow for a
   variety of reasons. So we have a net improvement anyway. Thanks Mark.

2. Most people do not want to seed 1024-bit keys, as outlined in another mail
   in this thread. If they *understand* the issues involved they will realize
   that 2^256 complexity is plenty uncrackable for all practical purposes.
   FreeBSD is about practical purposes IMHO.

3. Yarrow can be modified to just do this, should someone think this is
   necessary. Read the paper and think of what happens when you set Pg to
   1/(2^(k/3)). (Note that the paper restricts this value to 1 <= Pg but
   that's of no importance here.)

   ** This is overly conservative for most applications I can think of; even
   a multi-million dollar financial transactioning system will be practically
   secure when Pg is set to 1.

4. Nothing prevents you from adapting Yarrow so that current /dev/random
   semantics are preserved, making Yarrow even better. It can be done with
   the current design; it's just not very beneficial to do it.

5. Yarrow was designed as a better replacement for most any PRNG by a couple
   of bright cryptographers. Can you do better than that?
Cheers,
Jeroen
--
Jeroen C. van Gelderen
[EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
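To make the Pg parameter Jeroen points at concrete, here is an added toy model of Yarrow's generator gate (my own illustration, not code from the thread, the Yarrow paper, or FreeBSD's implementation; class and function names are mine, and SHA-256 in counter mode stands in for the paper's block cipher). It measures what the gate buys: how many earlier outputs an adversary who captures the generator's current state can recompute, as a function of Pg.

```python
import hashlib


class YarrowGenerator:
    """Toy model of Yarrow's generator (added illustration, not FreeBSD code).
    Output blocks are H(K || counter); after every Pg outputs the generator
    gate replaces K with the next block, so the old key is forgotten.
    SHA-256 stands in for the paper's block cipher in counter mode."""

    def __init__(self, key: bytes, pg: int = 10):  # Yarrow-160 uses Pg = 10
        if pg < 1:
            raise ValueError("Pg must be at least 1")
        self.key, self.pg = key, pg
        self.counter, self.since_gate = 0, 0

    def _block(self) -> bytes:
        self.counter += 1
        return hashlib.sha256(self.key + self.counter.to_bytes(16, "big")).digest()

    def output(self) -> bytes:
        out = self._block()
        self.since_gate += 1
        if self.since_gate >= self.pg:
            self.key = self._block()  # generator gate: rekey from own output
            self.since_gate = 0
        return out


def recoverable_from_captured_state(pg: int, n_outputs: int) -> int:
    """Generate n_outputs, then assume the generator's (key, counter) state is
    captured and count how many EARLIER outputs can be recomputed from it.
    Constructed seed; collisions aside, the answer depends only on pg."""
    seed = hashlib.sha256(b"constructed demo seed").digest()
    gen = YarrowGenerator(seed, pg)
    past = [gen.output() for _ in range(n_outputs)]
    # Captured state: the current key and counter. Re-run counter mode under
    # that key for every counter value used so far and compare with history.
    candidates = {
        hashlib.sha256(gen.key + c.to_bytes(16, "big")).digest()
        for c in range(1, gen.counter + 1)
    }
    return sum(1 for block in past if block in candidates)


if __name__ == "__main__":
    for pg in (1, 10, 100):
        n = recoverable_from_captured_state(pg, 25)
        print(f"Pg={pg:3d}: {n} of 25 past outputs recoverable from captured state")
```

Gating bounds backtracking from a captured state (Pg=1 leaks nothing, Pg=10 at most the last nine outputs); it says nothing about how much true entropy went into the seed, which is the separate /dev/random blocking question the thread is arguing about.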